In the Linux kernel, the following vulnerability has been resolved:
xfrm: fix refcount leak in _xfrmpolicy_check()
The issue happens on an error path in _xfrmpolicycheck(). When the
fetching process of the object pols[1]
fails, the function simply
returns 0, forgetting to decrement the reference count of pols[0]
,
which is incremented earlier by either xfrmskpolicylookup() or
xfrmpolicylookup(). This may result in memory leaks.
Fix it by decreasing the reference count of pols[0]
in that path.